Phishing Analysis
Detailed analysis of captured phishing page
Visual Capture
No screenshot available
Detection Info
http://d316dh04.eu1.hubspotlinks.com/Ctc/GG%20113/d316DH04/VW9BVl94v_cXW8R-YVj4xfKPmW6YVQGc4TXj_qN7xs-ww3lSbNV1-WJV7CgKQ8W8cLs8n2xT-ybW3YsRVH6dxbSLW772P3f3fJVFVW8bGTkz3l7rDpW35-zk91GMb13W1836X02sBMjPW8GrbGZ1mP0yKW7WYF7F7kLvp_W7jTtGz7rsfnzW3j2t9b99CRXZW8VSqVy4G0yDRW15d3rB12fc5TW79q_9w5wz1H1W3SwbZx30_NX8W2wC2Vj1byl83W2bSShT2jcd0SW15lggk1bbyWmW11pMrY5blp1NW4ksgn87-L1lgW3BzGDl4qBMLnW1y8W0t5fPB9cW6MTqjR2fgbH_3f5s1
Detected Brand
Facebook
Country
International
Confidence
100%
HTTP Status
200
Report ID
d9383e0e-f8dā¦
Analyzed
2025-12-21 14:43
Final URL (after redirects)
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2FAuctim%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9EjMxc__sdci6zkQyveMsy8UdzWFdT2thQIOeFUM7oNspdhpbtBzGkLVwmwWJUUNVYfCzWi9lwKJkjrX7c6ZLMlCA1e7Hp3Y_nNFAgeCMonpcas60%26_hsmi%3D67103923%26utm_content%3D67103923%26utm_source%3Dhs_email
Content Hashes (HTML Similarity)
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18A23C9659209B0620B7A4FF0E87D021712D7595FF8B2A4A09D2AF7E634C3FF4AD5E108 |
|
CONTENT
ssdeep
|
768:pPtZCKpTQDvxJ0hnhnOBsaVFHqqZjispgNmzUmw2E+GnIWnIjiD99jifIAaiq9ua:pPtZCKZQDvxJ0hhOBsaVFHqqZjispgNB |
Visual Hashes (Screenshot Similarity)
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b372cc815ccc99b9 |
|
VISUAL
aHash
|
efe7c7c4476fffff |
|
VISUAL
dHash
|
8c0f8d099d99ee36 |
|
VISUAL
wHash
|
67c7c0c0454f6fc3 |
|
VISUAL
colorHash
|
06200048040 |
|
VISUAL
cropResistant
|
8c0f8d099d99ee36,c749035cc0c51719,0008303232100800,0d070d0781d14d47 |
Code Analysis
Risk Score
70/100
Threat Level
ALTO
š£ Credential Harvester
š£ OTP Stealer
š£ Card Stealer
š£ Banking
š£ Personal Info
š¬ Threat Analysis Report
ā¢ Threat: Credential harvesting phishing kit
ā¢ Target: Facebook users
ā¢ Method: Fake login form stealing email/phone and password
ā¢ Exfil: Data likely sent to a malicious server controlled by the attacker
ā¢ Indicators: Domain mismatch, non-official hubspotlinks.com domain
ā¢ Risk: HIGH - Immediate credential theft
šÆ Kit Endpoints
- /reg/?entry_point=login&next=https%3A%2F%2Fwww.facebook.com%2FAuctim%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9EjMxc__sdci6zkQyveMsy8UdzWFdT2thQIOeFUM7oNspdhpbtBzGkLVwmwWJUUNVYfCzWi9lwKJkjrX7c6ZLMlCA1e7Hp3Y_nNFAgeCMonpcas60%26_hsmi%3D67103923%26utm_content%3D67103923%26utm_source%3Dhs_email
- https://www.facebook.com/recover/initiate/?privacy_mutation_token=eyJ0eXBlIjo1LCJjcmVhdGlvbl90aW1lIjoxNzY2MzI4MTM0fQ%3D%3D&ars=facebook_login&next=https%3A%2F%2Fwww.facebook.com%2FAuctim%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9EjMxc__sdci6zkQyveMsy8UdzWFdT2thQIOeFUM7oNspdhpbtBzGkLVwmwWJUUNVYfCzWi9lwKJkjrX7c6ZLMlCA1e7Hp3Y_nNFAgeCMonpcas60%26_hsmi%3D67103923%26utm_content%3D67103923%26utm_source%3Dhs_email
- https://l.facebook.com/l.php?u=https%3A%2F%2Fabout.meta.com%2Ftechnologies%2Fmeta-pay&h=AT04y0n9W0TwBeh4S5531LVuDHy4XVG0y9IxP1bmFtFZqkfn_muXHKlZitfLhZkVhBs97sHbb0qwFWmafanZOnRcdrGEjXA5dFzi3LSL44QzD3ctLqC_Zpp58CUDYcp4Ilig_cgs2J_GipNa_pZTlw
- https://www.facebook.com/login/
š” API Calls Detected
- GET
Similar Websites
Pages with identical visual appearance (based on perceptual hash)
Scan History for d316dh04.eu1.hubspotlinks.com
Found 3 other scans for this domain
"I Never Thought It Would Happen to Me"
That's what 2.3 million victims say every year. Don't wait to become a statistic.